Create a Bugzilla Account

The email address that you use for your bugzilla account should be the same email address as you use in the Fedora Account System for all things related to Fedora Packaging.

Do not use your @fedoraproject.org address if you already have one.You should not use your @fedoraproject.org email address in Bugzilla, because you will not get your bugzilla privileges once you are sponsored. If you want to use your @fedoraproject.org address, you might try to request at the Fedora Infrastructure Ticket System for an administrator to manually override the bugzilla address connected with your Fedora Account.

Create a Fedora Account

Click on 'New account' and fill in the blanks. Note that the email you give should be the same as the one you gave bugzilla. This allows the system to link privileges between the two accounts.

After you create your account, please be sure to sign the CLA (if you click on the "My Account" link in the top right, you should see CLA: CLA Done).

You will also need to upload a public RSA SSH key. You need to use the matching private key to access Fedora machines via SSH. You can read more about this here.

Join the important Mailing Lists

You must join the fedora devel-announce mailing list. It is a low traffic announcements only list, where important development information is posted.

You can join the fedora devel mailing list, where discussions about the development of Fedora are held. This is a high traffic mailing list.

You can also consider joining the package-announce mailing list -- The commits mailing list gets notifications on all commits in any package in the Fedora repository. This is a very high traffic mailing list. The Fedora package database sends commit mails for packages you (co-)maintain.

Another mailing list you might consider (at least to view the archives) is packaging. This is the mailing list of the Fedora Packaging Committee, who determine the official packaging guidelines for Fedora projects.

Ensure the software you wish to package is suitable

Note that there's other methods for getting sponsored into the packager group than submitting a new package. check the How to get sponsored page for more info.

The package you are submitting can be of any free and open source project that is not already packaged in Fedora. Before creating your package, make sure that the software is not already in the Fedora repository, or waiting for review.

Understand your responsibilities

Software components included in Fedora needs to be maintained actively and bugs, especially security issues needs to be fixed in a timely manner. As a Fedora package maintainer, it is your primary responsibility to ensure this. We encourage you to get co-maintainers and seek the help of the Fedora community via the development mailing list whenever needed.

Read Other Submissions

Read some other package submissions to learn about packaging and gain familiarity with the process and requirements.

Install the client tools (Koji) and set up your certificate

To build Packages for the Fedora Collection or EPEL in the Fedora build system you need Koji.

The fedora-packager package provides tools to help you setup and work with fedora; it will bring in everything necessary for general packaging work. Run the following as root:

yum install fedora-packager

After installation run the following as your user (not root) to setup your certificates and koji client configuration:

fedora-packager-setup

Certificate ExpirationThe certificate this generates will expire after 6 months. Then you have to request another one by re-running fedora-packager-setup. Also every time you request a new certificate, the old one is invalidated and cannot be used anymore.

You can now use "koji" to try to build your RPM packages in the Fedora build system, even on platforms or Fedora versions you don't have. Note that you can (and definitely should) test out builds ("scratch" builds) even before your package has been approved and you have been sponsored. A simple way to do a scratch build using koji is to do this at the command line:

koji build --scratch TARGET path_to_source_RPM

Where:

TARGET is a distribution keyword such as f17 (for Fedora 17). You can run "koji list-targets" to see all targets. To build for the next release (rawhide), don't use "dist-rawhide" - use "fX" where X is one more than the latest stable or branched release.

Note that you need to supply the path to the source RPM (which ends in .src.rpm), and not a URL. (If you only have the spec file, use rpmbuild --nodeps -bs SPECFILE to create the new source RPM).

Your koji builds can only depend on packages that are actually in the TARGET distribution repository. Thus, you can't use koji to build for released distributions if your package depends on other new packages that Bodhi hasn't released yet. You can use koji to build for rawhide (the next unreleased version), even if it depends on other new packages, as long as the other packages were built for the "rawhide" as described below. If you need to build against a package that is not yet a stable released
update, you can file a ticket with rel-eng at: https://fedorahosted.org/rel-eng/newticket and request that that package be
added as a buildroot override. For packages in EPEL, you have to use the component epel to get the request to the right persons.

Make sure your package builds. This is surprisingly important, because a significant number of submissions don't.

Upload Your Package

Upload your SRPM and SPEC files onto the Internet somewhere so that others can retrieve them. This can be anywhere accessible by a URL, but it is important that the files be directly accessible, not hidden behind some service that makes people wait to download things or redirects through advertising pages.
If you are in at least one project group then you can use your storage at http://fedorapeople.org for this. If you have not done anything with your account besides set it up and sign the CLA then you can request sufficient access to use fedorapeople space by visiting the sponsors trac instance and filing a ticket in the "Initial package hosting request" component.

Create Your Review Request

Before submitting your request, be sure there’s not a previous request for the same package. There is a convenient search box on the package review status page.

Make sure that you put the name of the package (excluding version and release numbers) in the 'Review Summary' field, along with a very brief summary of what the package is.

Put a description of your package (usually, this can be the same thing as what you put in the spec %description) in the 'Review Description' field. Include the URLs to your SRPM and SPEC files.

Explain in the ticket that this is your first package and you need a sponsor. Also include any information that may help prospective sponsors. If you've been active in other review work, include links. If you're the upstream maintainer, be sure to say so.

For bonus points, include a link to a successful koji build so that everyone knows you did all of your homework.

Make sure that you mention in the 'Review Description' field that this is your first package, and you are seeking a sponsor. In Fedora Package Collection, all new contributors must be sponsored. Some potential sponsors will look at the FE-NEEDSPONSOR bug in bugzilla to find packages to review. You can add your package to this list by editing your review request bug and adding FE-NEEDSPONSOR in the 'Bug xyz blocks' field (where xyz is the bug number for your review request).

Inform Upstream

Fedora as a project prefers to stay close to upstream. Inform the developers that you are packaging the software. You can do that by sending them an email introducing yourself and pointing out the review request. This sets up the stage for future conversations. They will usually advertise the fact that their software is now part of Fedora or might want to inform you of important bugs in the existing release, future roadmaps etc.

Introduce yourself

When a new package maintainer joins the Fedora Project, we request that he/she introduces themselves on the Fedora Devel mailing list. To sign up for the list, visit the devel list's signup page . The primary purpose of this is to begin the process of building trust by learning about the package maintainer and increase the chances of your review request being processed sooner.

The purpose of all this is to break anonymity and foster real-world community within the project. You are under no obligation to reveal personal secrets. The objective is to establish a level of trust with yourself and the other members of the project.

Subject: Self Introduction

Body: Add any information you believe is applicable including past experience, a link to the review request you have filed and a brief description of yourself. You can also post your GPG key information if you want to.

Watch for Feedback

Watch the Bugzilla report for your first package. You should get notifications of changes by email. Fix any blockers that the reviewer(s) point out.

Get Sponsored

When the package is APPROVED by the reviewer, you must separately obtain member sponsorship in order to check in and build your package. Sponsorship is not automatic and may require that you further participate in other ways in order to demonstrate your understanding of the packaging guidelines. Key to becoming sponsored is to convince an existing sponsor-level member that you understand and follow the project's guidelines and processes.

Review and approval for the first package for new packagers must be done by registered sponsors. Subsequent reviews can be done by any package maintainer. Informal reviews can always be done by anyone interested.

Your sponsor can add you to the packager group. You should receive email confirmation of your sponsorship.

Add Package to Source Code Management (SCM) system and Set Owner

If you are becoming a maintainer for a new package, instead of being a co-maintainer, follow Package SCM admin requests to get a module for your new package and branches for recent releases.

This will be used to set up the proper records in the owners database, which is used for access to build the package, bugzilla population, and other features. This step creates a module in the repository your new package, with branches for each requested distribution.

Check out the module

You could check out your module now, but before doing that, consider doing "mkdir ~/fedora-scm ; cd ~/fedora-scm" - that way, all your files are inside that. Also, run ssh-add, so that you won't have to keep typing in your key password.

Running ssh-add before doing any SCM operations is a very good idea. It will save you from having to type your key password for every operation. You only have to run ssh-add once per session, it will remember it until you log out or reboot. If "ssh-add" reports "Could not open a connection to your authentication agent.", start a new shell under it using "exec ssh-agent bash".

Now you are ready to checkout your module from the SCM:

fedpkg clone <packagename>

Where <packagename> should be replaced with the name of your package.

If this step fails, be sure your private ssh key (~/.ssh/id_rsa) mode is set to 0400. You might have to wait for up to an hour after your request for a new git module has been approved to get write access. Make sure your public key is the same as in the Fedora Accounts System (FAS). Key propagation may take an hour or so after uploading into FAS

Note that fedpkg does not set the user config for your new git repo automatically. Make sure to have these set globally or locally in your new repo before you do your first commit (see Configure your global git settings).

Note: If you are not a member of the fedora packager group, you will receive a "permission denied" error. Use the -a flag to clone anonymously.

Import, Commit,and Build Your Package

Now that you've checked out your (empty) package module with fedpkg,
cd into the module's master branch:

cd <packagename>

Run fedpkg to import the contents of the SRPM into the SCM:

fedpkg import PATH_TO_SRPM

Git config needsA config problem has been discovered which may make fedpkg push or fedpkg commit -p or even git push not understand your intentions. As a short term work around, you can run: git config --global push.default tracking. This option tells git that when it gets a push request with no other arguments, see if it's tracking a remote branch. If it is, push to that remote branch. This seems like it will usually be safe no matter what git repository you are using.

You can also use the Web interface for Bodhi to request enhancement updates for each released Fedora you are bringing a new package to.

The first field asks for the name of the "Package". This field will auto-complete the package name found in the Koji build system, e.g. <package-name>-<version>-<release>.fc16. If completion doesn't work, just enter the package build name yourself.

For new packages, choose "newpackage" as the "type" of update.

Put the "Request" as "testing" if you want to put the package through testing first, see Fedora Quality Assurance . Put "stable" if you want to push the package directly to stable.

Put the bug number of the package's Review Request in the "Bugs" field blank. Bodhi will automatically close it as NEXTRELEASE when it gets pushed to the requested update status.

For new packages, add a copy of the package's description in the "Notes" section, so end users will know what the package is.

After you have submitted an upgrade through bodhi, your package is placed in a queue. Periodically, an administrator will check the queue and push all of the packages into the appropriate repositories.

Make the package available in "comps" files

If appropriate for the package, make it available in "comps" files so that it can be selected during installation and included in yum's package group operations. See PackageMaintainers/CompsXml for more info.

Getting Help

We know that this process can be as clear as mud sometimes, and we're always trying to make it better. If you run into any problems, or have any questions, please ask on the devel@lists.fedoraproject.org mailing list or in #fedora-devel[?] on freenode.net.

The Fedora Mentors Project has people willing to help new contributors in their packaging efforts. See the Mentors page for more information.